CVE-2025-70252

CWE-121Stack-based Buffer Overflow3 documents3 sources
Severity
7.5HIGH
EPSS
0.1%
top 77.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tenda AC6 Firmware
Timeline
PublishedMar 2

Description

An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The index and mode are controllable. If the conditions are met to sprintf, they will be spliced into tmp. It is worth noting that there is no size check,which leads to a stack overflow vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDtenda/ac6_firmware15.03.06.23_multi

🔴Vulnerability Details

2
CVEList
CVE-2025-70252: An issue was discovered in /goform/WifiWpsStart in Tenda AC6V22026-03-02
GHSA
GHSA-p7m8-274h-m4f6: An issue was discovered in /goform/WifiWpsStart in Tenda AC6V22026-03-02
CVE-2025-70252 (HIGH CVSS 7.5) | An issue was discovered in /goform/ | cvebase.io